[go: up one dir, main page]

CN117744067B - Access space switching method, device, processor, equipment and storage medium - Google Patents

Access space switching method, device, processor, equipment and storage medium Download PDF

Info

Publication number
CN117744067B
CN117744067B CN202410190644.5A CN202410190644A CN117744067B CN 117744067 B CN117744067 B CN 117744067B CN 202410190644 A CN202410190644 A CN 202410190644A CN 117744067 B CN117744067 B CN 117744067B
Authority
CN
China
Prior art keywords
space
access
secure
access space
switching
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202410190644.5A
Other languages
Chinese (zh)
Other versions
CN117744067A (en
Inventor
杨金龙
周斌
缪磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Xiangdixian Computing Technology Co Ltd
Original Assignee
Beijing Xiangdixian Computing Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Xiangdixian Computing Technology Co Ltd filed Critical Beijing Xiangdixian Computing Technology Co Ltd
Priority to CN202410190644.5A priority Critical patent/CN117744067B/en
Publication of CN117744067A publication Critical patent/CN117744067A/en
Application granted granted Critical
Publication of CN117744067B publication Critical patent/CN117744067B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

本公开提供一种访问空间切换方法、装置、处理器、设备及存储介质。该方法基于接收的访问参数确定待切换的访问空间,并从当前访问空间跳转至EL3;在EL3中,保存当前访问空间的上下文,并进行访问空间的切换设置,设置完成后恢复当前访问空间的上下文,基于恢复的当前访问空间的上下文,确定待切换的访问空间的运行程序;安全空间的运行程序和非安全空间的运行程序使用一套代码;基于待切换的访问空间的运行程序和切换设置,进入到待切换的访问空间。通过使用一套代码,模拟安全空间的运行程序和非安全空间的运行程序,不需要针对不同的访问空间设置不同的堆栈、运行程序和操作系统,在实现上更加简易,也减轻了开发人员的工作量。

The present disclosure provides an access space switching method, device, processor, equipment and storage medium. The method determines the access space to be switched based on the received access parameters, and jumps from the current access space to EL3; in EL3, the context of the current access space is saved, and the access space switching setting is performed, and the context of the current access space is restored after the setting is completed, and the running program of the access space to be switched is determined based on the restored context of the current access space; the running program of the secure space and the running program of the non-secure space use a set of codes; based on the running program of the access space to be switched and the switching setting, enter the access space to be switched. By using a set of codes to simulate the running program of the secure space and the running program of the non-secure space, there is no need to set different stacks, running programs and operating systems for different access spaces, which is simpler in implementation and reduces the workload of developers.

Description

访问空间切换方法、装置、处理器、设备及存储介质Access space switching method, device, processor, equipment and storage medium

技术领域Technical Field

本公开涉及安全访问技术领域,尤其涉及一种访问空间切换方法、装置、处理器、设备及存储介质。The present disclosure relates to the field of secure access technology, and in particular to an access space switching method, apparatus, processor, device and storage medium.

背景技术Background technique

对于ARMv8 aarch64架构的处理器安全访问场景,如图1所示,使用了信任区(TRUSTZONE,TZ)机制将系统分为非安全空间(Non-secure state/Normal world/REE)和安全空间(Secure state/Secure world/TEE),并在非安全空间和安全空间的基础上引入了称为监视模式(Secure Monitor,又称安全监视器)的处理器模式,使得非安全空间和安全空间之间可以通过安全监视器模式实现彼此自由切换。在上述TZ架构的基础上,考虑到非安全空间和安全空间的各个组件对应有不同的访问系统和处理器资源的权限级别,因此又引入了可信固件(Trusted Firmware,TF)方案中的异常等级(Exception Levels,EL)对其进一步划分,具体地:分为EL0、EL1、EL2、EL3这四个等级。其中,EL0中运行的是普通APP;而EL1中一般运行的是操作系统或底层软件;EL2提供了对虚拟化的支持,可以不实现;EL3提供了安全空间与非安全空间之间的切换以及其他的高级功能。For the processor security access scenario of the ARMv8 aarch64 architecture, as shown in Figure 1, the TrustZONE (TZ) mechanism is used to divide the system into non-secure space (Non-secure state/Normal world/REE) and secure space (Secure state/Secure world/TEE), and a processor mode called monitor mode (Secure Monitor, also known as secure monitor) is introduced on the basis of non-secure space and secure space, so that the non-secure space and secure space can switch freely with each other through the secure monitor mode. On the basis of the above TZ architecture, considering that each component of the non-secure space and the secure space has different permission levels to access the system and processor resources, the exception levels (EL) in the Trusted Firmware (TF) solution are introduced to further divide it, specifically: divided into four levels: EL0, EL1, EL2, and EL3. Among them, ordinary APP runs in EL0; while EL1 generally runs the operating system or underlying software; EL2 provides support for virtualization, which can be not implemented; EL3 provides switching between secure space and non-secure space and other advanced functions.

对于目前的硬件验证来说,并不涉及复杂的操作系统以及任务调度等,更加聚焦在寄存器配置/硬件通路分析等,故目前的硬件验证一般都是非安全访问,并不涉及安全访问。但随着技术的进步,在一些安全场景(如机密计算和数字版权管理),对于外设来说,为保证安全性(如指纹验证),有一部分寄存器是私密的,对于普通的APP(如微信)无法直接访问,否则会触发异常或返回值内容不符合预期。故有的硬件验证场景也需要涉及到安全访问,但目前的硬件验证固件代码并不支持安全访问,也不涉及非安全访问和安全访问之间的切换。若采用现有产品交付形式的安全空间或非安全空间的访问方法,需要实现或移植完整的EL0/EL1/EL3中的堆栈/代码/处理逻辑以及相关的安全启动流程,具有工作量巨大、软件设计能力要求高的问题。For the current hardware verification, it does not involve complex operating systems and task scheduling, etc., but focuses more on register configuration/hardware path analysis, etc. Therefore, the current hardware verification is generally non-secure access and does not involve secure access. However, with the advancement of technology, in some security scenarios (such as confidential computing and digital rights management), for peripherals, in order to ensure security (such as fingerprint verification), some registers are private and cannot be directly accessed by ordinary apps (such as WeChat), otherwise it will trigger an exception or the return value content will not meet expectations. Therefore, some hardware verification scenarios also need to involve secure access, but the current hardware verification firmware code does not support secure access, nor does it involve switching between non-secure access and secure access. If the access method of the secure space or non-secure space in the existing product delivery form is adopted, it is necessary to implement or transplant the complete stack/code/processing logic in EL0/EL1/EL3 and the related secure boot process, which has the problems of huge workload and high software design capability requirements.

其中,ARM(Advanced RISC Machines,先进精简指令集机器)架构是一个精简指令集(Reduced Instruction Set Computer,RISC)处理器架构,ARMvX中的X指的是ARM的指令集和架构版本,ARMv8是第一代支持64位处理器的指令集和体系结构,ARMv8有两个执行状态,aarch64:64位的执行状态,aarch32:32位的执行状态。Among them, the ARM (Advanced RISC Machines) architecture is a reduced instruction set (RISC) processor architecture. The X in ARMvX refers to the ARM instruction set and architecture version. ARMv8 is the first generation of instruction set and architecture that supports 64-bit processors. ARMv8 has two execution states, aarch64: 64-bit execution state, aarch32: 32-bit execution state.

发明内容Summary of the invention

本公开的目的是提供一种访问空间切换方法、装置、处理器、设备及存储介质,以简化安全空间和非安全空间之间切换的工作量。The purpose of the present disclosure is to provide an access space switching method, apparatus, processor, device and storage medium to simplify the workload of switching between a secure space and a non-secure space.

根据本公开的一个方面,提供一种访问空间切换方法,包括:According to one aspect of the present disclosure, there is provided an access space switching method, including:

基于接收的访问参数确定待切换的访问空间,并从当前访问空间跳转至EL3;访问空间包括安全空间和非安全空间,当前访问空间与待切换的访问空间为不同的访问空间;Determine the access space to be switched based on the received access parameters, and jump from the current access space to EL3; the access space includes a secure space and a non-secure space, and the current access space and the access space to be switched are different access spaces;

在EL3中,保存当前访问空间的上下文,并进行访问空间的切换设置,设置完成后恢复当前访问空间的上下文,基于恢复的当前访问空间的上下文,确定待切换的访问空间的运行程序;所述安全空间的运行程序和非安全空间的运行程序使用一套代码;In EL3, the context of the current access space is saved, and the access space switching setting is performed. After the setting is completed, the context of the current access space is restored, and based on the restored context of the current access space, the running program of the access space to be switched is determined; the running program of the secure space and the running program of the non-secure space use a set of codes;

基于待切换的访问空间的运行程序和切换设置,进入到待切换的访问空间。Based on the running programs and switching settings of the access space to be switched, enter the access space to be switched.

进一步的,访问空间切换方法还包括:Furthermore, the access space switching method further includes:

在进行访问空间切换之前,对安全空间和非安全空间进行固件堆栈设置。Before switching the access space, the firmware stack is set for the secure space and the non-secure space.

进一步的,对安全空间和非安全空间进行固件堆栈设置,包括:Furthermore, the firmware stack is set for the secure space and the non-secure space, including:

将安全空间的堆栈和非安全空间的堆栈设置为同一堆栈。Set the stack of the secure space and the stack of the non-secure space to the same stack.

进一步的,对安全空间和非安全空间进行固件堆栈设置,还包括:Furthermore, the firmware stack settings for the secure space and the non-secure space also include:

为安全空间和非安全空间配置相同的MMU页表。Configure the same MMU page tables for secure and non-secure spaces.

进一步的,为安全空间和非安全空间配置相同的MMU页表,包括:Furthermore, the same MMU page table is configured for the secure space and the non-secure space, including:

将MMU页表中的NS位设置为0。Set the NS bit in the MMU page table to 0.

进一步的,上下文包括当前访问空间的相关寄存器值,基于恢复的所述当前访问空间的上下文,确定待切换的访问空间的运行程序,包括:Further, the context includes a relevant register value of the current access space, and based on the restored context of the current access space, determining the running program of the access space to be switched includes:

基于当前访问空间的相关寄存器值获取当前访问空间的当前运行程序地址;Obtaining the address of the current running program in the current access space based on the relevant register value of the current access space;

基于当前运行程序地址获得待切换的访问空间的运行程序。The running program of the access space to be switched is obtained based on the address of the current running program.

进一步的,进行访问空间的切换设置包括:Furthermore, the switching setting of the access space includes:

根据待切换的访问空间的类型,对SCR_EL3寄存器的NS位进行设置;SCR_EL3寄存器的NS位设置为0则表征进行安全空间的访问行为,SCR_EL3寄存器的NS位设置为1则表征进行非安全空间的访问行为。According to the type of access space to be switched, the NS bit of the SCR_EL3 register is set; if the NS bit of the SCR_EL3 register is set to 0, it indicates the access behavior of the secure space, and if the NS bit of the SCR_EL3 register is set to 1, it indicates the access behavior of the non-secure space.

根据本公开的另一方面,本公开提供一种访问空间切换装置,包括:According to another aspect of the present disclosure, the present disclosure provides an access space switching device, including:

访问空间确定模块,用于基于接收的访问参数确定待切换的访问空间,并从当前访问空间跳转至EL3;访问空间包括安全空间和非安全空间,当前访问空间与待切换的访问空间为不同的访问空间;An access space determination module, used to determine the access space to be switched based on the received access parameters, and jump from the current access space to EL3; the access space includes a secure space and a non-secure space, and the current access space and the access space to be switched are different access spaces;

访问空间切换设置模块,用于在EL3中,保存当前访问空间的上下文,并进行访问空间的切换设置,设置完成后恢复当前访问空间的上下文,基于恢复的当前访问空间的上下文,确定待切换的访问空间的运行程序;所述安全空间的运行程序和非安全空间的运行程序使用一套代码;An access space switching setting module is used to save the context of the current access space in EL3, and perform access space switching settings, restore the context of the current access space after the settings are completed, and determine the running program of the access space to be switched based on the restored context of the current access space; the running program of the secure space and the running program of the non-secure space use a set of codes;

访问空间切换模块,用于基于待切换的访问空间的运行程序和切换设置,进入到待切换的访问空间。The access space switching module is used to enter the access space to be switched based on the running program and switching settings of the access space to be switched.

进一步的,访问空间切换装置还包括:Furthermore, the access space switching device also includes:

初始化设置模块,用于在进行访问空间切换之前,对安全空间和非安全空间进行固件堆栈设置。The initialization setting module is used to set the firmware stack for the secure space and the non-secure space before switching the access space.

进一步的,初始化设置模块,还用于将安全空间的堆栈和非安全空间的堆栈设置为同一堆栈。Furthermore, the initialization setting module is also used to set the stack of the secure space and the stack of the non-secure space to be the same stack.

进一步的,初始化设置模块,还用于为安全空间和非安全空间配置相同的MMU页表。Furthermore, the initialization setting module is also used to configure the same MMU page table for the secure space and the non-secure space.

进一步的,初始化设置模块,还用于将MMU页表中的NS位设置为0。Furthermore, the initialization setting module is also used to set the NS bit in the MMU page table to 0.

进一步的,上下文包括当前访问空间的相关寄存器值,访问空间切换设置模块,还用于基于当前访问空间的相关寄存器值获取当前访问空间的当前运行程序地址;Further, the context includes the relevant register value of the current access space, and the access space switching setting module is also used to obtain the current running program address of the current access space based on the relevant register value of the current access space;

基于当前运行程序地址获得待切换的访问空间的运行程序。The running program of the access space to be switched is obtained based on the address of the current running program.

进一步的,访问空间切换设置模块,还用于根据待切换的访问空间的类型,对SCR_EL3寄存器的NS位进行设置;SCR_EL3寄存器的NS位设置为0则表征进行安全空间的访问行为,SCR_EL3寄存器的NS位设置为1则表征进行非安全空间的访问行为。Furthermore, the access space switching setting module is also used to set the NS bit of the SCR_EL3 register according to the type of access space to be switched; if the NS bit of the SCR_EL3 register is set to 0, it indicates the access behavior of the secure space, and if the NS bit of the SCR_EL3 register is set to 1, it indicates the access behavior of the non-secure space.

根据本公开的另一方面,提供一种处理器,将处理器划分为安全空间、非安全空间和EL3,处理器基于上述任一实施例所述的访问空间切换方法,进行安全空间和非安全空间之间的切换。According to another aspect of the present disclosure, a processor is provided, which is divided into a secure space, a non-secure space and EL3, and the processor switches between the secure space and the non-secure space based on the access space switching method described in any of the above embodiments.

根据本公开的另一方面,提供一种电子装置,包括上述任一实施例所述的处理器。According to another aspect of the present disclosure, an electronic device is provided, comprising the processor described in any one of the above embodiments.

根据本公开的另一方面,提供一种电子设备,包括上述任一实施例所述的电子装置。According to another aspect of the present disclosure, an electronic device is provided, comprising the electronic device described in any one of the above embodiments.

根据本公开的另一方面,提供一种存储介质,其上存储有计算机程序,所述计算机程序被处理器执行时实现上述任一实施例所述的访问空间切换方法的步骤。According to another aspect of the present disclosure, a storage medium is provided, on which a computer program is stored. When the computer program is executed by a processor, the steps of the access space switching method described in any of the above embodiments are implemented.

附图说明BRIEF DESCRIPTION OF THE DRAWINGS

图1为现有技术的处理器架构示意图;FIG1 is a schematic diagram of a processor architecture in the prior art;

图2为本公开一个实施例提供的访问空间切换方法流程示意图;FIG2 is a schematic diagram of a flow chart of an access space switching method provided by an embodiment of the present disclosure;

图3为本公开一个实施例提供的访问空间切换装置结构示意图。FIG3 is a schematic diagram of the structure of an access space switching device provided by an embodiment of the present disclosure.

具体实施方式Detailed ways

在介绍本公开实施例之前,应当说明的是:Before introducing the embodiments of the present disclosure, it should be noted that:

本公开部分实施例被描述为处理流程,虽然流程的各个操作步骤可能被冠以顺序的步骤编号,但是其中的操作步骤可以被并行地、并发地或者同时实施。Some embodiments of the present disclosure are described as processing flows. Although the various operation steps of the flow may be given sequential step numbers, the operation steps therein may be implemented in parallel, concurrently or simultaneously.

本公开实施例中可能使用了术语“第一”、“第二”等等来描述各个特征,但是这些特征不应当受这些术语限制。使用这些术语仅仅是为了将一个特征与另一个特征进行区分。In the embodiments of the present disclosure, the terms "first", "second", etc. may be used to describe various features, but these features should not be limited by these terms. These terms are used only to distinguish one feature from another.

本公开实施例中可能使用了术语“和/或”,“和/或”包括其中一个或更多所列出的相关联特征的任意和所有组合。The term “and/or” may be used in embodiments of the present disclosure. “And/or” includes any and all combinations of one or more of the associated features listed.

应当理解的是,当描述两个部件的连接关系或通信关系时,除非明确指明两个部件之间直接连接或直接通信,否则,两个部件的连接或通信可以理解为直接连接或通信,也可以理解为通过中间部件间接连接或通信。It should be understood that when describing the connection or communication relationship between two components, unless it is explicitly stated that the two components are directly connected or directly communicating, the connection or communication between the two components can be understood as direct connection or communication, or as indirect connection or communication through an intermediate component.

为了使本公开实施例中的技术方案及优点更加清楚明白,以下结合附图对本公开的示例性实施例进行进一步详细的说明,显然,所描述的实施例仅是本公开的一部分实施例,而不是所有实施例的穷举。需要说明的是,在不冲突的情况下,本公开中的实施例及实施例中的特征可以相互组合。In order to make the technical solutions and advantages of the embodiments of the present disclosure more clearly understood, the exemplary embodiments of the present disclosure are further described in detail below in conjunction with the accompanying drawings. Obviously, the described embodiments are only part of the embodiments of the present disclosure, rather than an exhaustive list of all the embodiments. It should be noted that the embodiments of the present disclosure and the features in the embodiments can be combined with each other without conflict.

本公开的目的是提供一种简化的访问空间切换方法,由于现有的安全空间与非安全空间之间的切换方法在实现过程中,会对安全空间和非安全空间分别设置对应的堆栈,安全空间的运行程序保存在安全空间对应的堆栈中,非安全空间的运行程序保存在非安全空间对应的堆栈中,即安全空间的运行程序和非安全空间的运行程序为两套代码。例如,若当前程序在非安全空间的EL1运行,来了一个想给安全空间的EL1处理的中断,此时非安全空间的EL1会调用SMC(secure monitor call,安全监控调用)进入EL3,即该步骤是通过非安全空间的EL1的程序+非安全空间的堆栈实现的;进入到EL3后,EL3保存非安全空间的上下文,并进行访问空间的切换设置,设置完成后恢复安全空间的上下文,通过ERET(Exception Return,异常返回)指令进入到安全空间的EL1,即该步骤是通过EL3的程序+EL3的堆栈实现的;进入到安全空间的EL1后,安全空间的EL1进行相关处理,即该步骤是通过安全空间的EL1的程序+安全空间的堆栈实现的。且在执行不同空间的运行程序时,所采用的操作系统也会不同,例如安全空间的EL1使用OPTEE,非安全空间的EL1使用LINUX,EL3使用ATF(ARM trusted firmware,ARM可信固件);其中,OPTEE是一种ARM架构下支持Trustzone技术的双内核操作系统。The purpose of the present disclosure is to provide a simplified access space switching method. Since the existing switching method between a secure space and a non-secure space sets corresponding stacks for the secure space and the non-secure space respectively during implementation, the running program of the secure space is saved in the stack corresponding to the secure space, and the running program of the non-secure space is saved in the stack corresponding to the non-secure space, that is, the running program of the secure space and the running program of the non-secure space are two sets of codes. For example, if the current program is running in EL1 of the non-secure space, and an interrupt that is intended to be processed by EL1 of the secure space comes, then EL1 of the non-secure space will call SMC (secure monitor call) to enter EL3, that is, this step is implemented by the program of EL1 of the non-secure space + the stack of the non-secure space; after entering EL3, EL3 saves the context of the non-secure space and performs the switch setting of the access space. After the setting is completed, the context of the secure space is restored, and the ERET (Exception Return) instruction is used to enter EL1 of the secure space, that is, this step is implemented by the program of EL3 + the stack of EL3; after entering EL1 of the secure space, EL1 of the secure space performs relevant processing, that is, this step is implemented by the program of EL1 of the secure space + the stack of the secure space. And when executing running programs in different spaces, the operating systems used will also be different, for example, EL1 of the secure space uses OPTEE, EL1 of the non-secure space uses LINUX, and EL3 uses ATF (ARM trusted firmware); among them, OPTEE is a dual-core operating system that supports Trustzone technology under the ARM architecture.

而本公开将安全空间的堆栈和非安全空间的堆栈设置为同一堆栈,安全空间的运行程序和非安全空间的运行程序也使用同一套代码,通过使用一套代码,模拟安全空间的运行程序和非安全空间的运行程序;即本公开在非安全空间的EL1和安全空间的EL1实际上是从同一个堆栈中获取运行程序,且运行程序也是使用同一套代码;具体实现就是在EL3中,EL3保存的上下文和恢复的上下文为同一套代码的相关内容,只是保存的上下文用于指示当前访问空间的运行程序,恢复的上下文用于指示待切换的访问空间的运行程序;由于使用一套代码,操作系统也就只需采用一种。相较于现有的安全空间与非安全空间之间的切换方法,本公开的切换方案不需要针对不同的访问空间设置不同的堆栈、运行程序和操作系统,在实现上更加简易,也减轻了开发人员的工作量。同时,本公开的EL3只需实现空间切换和保存上下文的功能,无需实现其它功能,故本公开的EL3的代码也相较于现有的EL3的代码更加简要。The present disclosure sets the stack of the secure space and the stack of the non-secure space to the same stack, and the running program of the secure space and the running program of the non-secure space also use the same set of codes. By using a set of codes, the running program of the secure space and the running program of the non-secure space are simulated; that is, the present disclosure actually obtains the running program from the same stack in the EL1 of the non-secure space and the EL1 of the secure space, and the running program also uses the same set of codes; the specific implementation is that in EL3, the context saved by EL3 and the context restored are the relevant contents of the same set of codes, but the saved context is used to indicate the running program of the current access space, and the restored context is used to indicate the running program of the access space to be switched; because a set of codes is used, the operating system only needs to use one. Compared with the existing switching method between the secure space and the non-secure space, the switching scheme of the present disclosure does not need to set different stacks, running programs and operating systems for different access spaces, which is simpler in implementation and reduces the workload of developers. At the same time, the EL3 of the present disclosure only needs to implement the functions of space switching and context saving, and does not need to implement other functions, so the code of the EL3 of the present disclosure is also more concise than the existing EL3 code.

本公开的一个实施例提供一种访问空间切换方法,如图2所示,该访问空间切换方法包括以下步骤:An embodiment of the present disclosure provides an access space switching method, as shown in FIG2 , the access space switching method includes the following steps:

步骤101、基于接收的访问参数确定待切换的访问空间,并从当前访问空间跳转至EL3;Step 101: Determine the access space to be switched based on the received access parameters, and jump from the current access space to EL3;

步骤102、在EL3中,保存当前访问空间的上下文,并进行访问空间的切换设置,设置完成后恢复当前访问空间的上下文,基于恢复的当前访问空间的上下文,确定待切换的访问空间的运行程序;Step 102: In EL3, save the context of the current access space, and perform access space switching settings. After the settings are completed, restore the context of the current access space, and determine the running program of the access space to be switched based on the restored context of the current access space;

步骤103、基于待切换的访问空间的运行程序和切换设置,进入到待切换的访问空间。Step 103: Enter the access space to be switched based on the running program and switching settings of the access space to be switched.

其中,访问空间包括安全空间和非安全空间,当前访问空间与待切换的访问空间为不同的访问空间;安全空间的运行程序和非安全空间的运行程序使用一套代码。The access space includes a secure space and a non-secure space, and the current access space and the access space to be switched are different access spaces; the running program of the secure space and the running program of the non-secure space use a set of codes.

应理解,基于ARMv8 aarch64架构的处理器使用了TRUSTZONE机制划分为非安全空间、安全空间和EL3,而非安全空间和安全空间又引入了可信固件方案中的EL进行进一步划分,将非安全空间和安全空间均进一步分为EL0、EL1和EL2。而该处理器可以为ARMv8aarch64架构的CPU(Central Processing Unit,中央处理器)、GPU(graphics processingunit,图形处理器)和片上系统的MCU(Micro Control Unit,微控制单元)等。It should be understood that the processor based on the ARMv8 aarch64 architecture uses the TRUSTZONE mechanism to divide it into non-secure space, secure space and EL3, and the non-secure space and secure space are further divided by introducing the EL in the trusted firmware solution, and the non-secure space and secure space are further divided into EL0, EL1 and EL2. The processor can be a CPU (Central Processing Unit), GPU (graphics processing unit) and MCU (Micro Control Unit) of the system on chip of the ARMv8aarch64 architecture.

在一种实施方式中,若程序当前正常运行在非安全空间的EL1中,固件代码可以通过调用接口输入访问参数。接口判断访问参数为非安全访问还是安全访问,若为安全访问,则确定待切换的访问空间为安全空间,若为非安全访问,则确定待切换的访问空间为非安全空间。In one implementation, if the program is currently running normally in EL1 of the non-secure space, the firmware code can input access parameters by calling the interface. The interface determines whether the access parameter is non-secure access or secure access. If it is secure access, the access space to be switched is determined to be the secure space. If it is non-secure access, the access space to be switched is determined to be the non-secure space.

若基于接收的访问参数确定待切换的访问空间为安全空间的EL1,且当前访问空间为非安全空间的EL1;则非安全空间的EL1会调用SMC指令,由于SMC是EL1/2到EL3的跳转,因此会跳转到EL3的中断向量表,同时访问参数会存入到ESR_EL3寄存器的ISS字段。ESR_EL3是ARMV8的一个寄存器,ISS是ESR_EL3的一个字段,如果发生了“SMC X”指令,X会存入到ISS字段中;其中,X是SMC指令的参数,X依据访问参数确定。因此可以通过待切换的访问空间是安全空间或非安全空间来设置X的值,通过ISS进行参数传递;可以设置X的值为0表征待切换的访问空间是安全空间,可以设置X的值为1表征待切换的访问空间是非安全空间。If the access space to be switched is determined to be EL1 of the secure space based on the received access parameters, and the current access space is EL1 of the non-secure space; then the EL1 of the non-secure space will call the SMC instruction. Since SMC is a jump from EL1/2 to EL3, it will jump to the interrupt vector table of EL3, and the access parameters will be stored in the ISS field of the ESR_EL3 register. ESR_EL3 is a register of ARMV8, and ISS is a field of ESR_EL3. If the "SMC X" instruction occurs, X will be stored in the ISS field; where X is the parameter of the SMC instruction, and X is determined based on the access parameters. Therefore, the value of X can be set by whether the access space to be switched is a secure space or a non-secure space, and the parameters can be passed through ISS; the value of X can be set to 0 to indicate that the access space to be switched is a secure space, and the value of X can be set to 1 to indicate that the access space to be switched is a non-secure space.

EL3识别此时为SMC指令,且之前运行在非安全空间的EL1中,因此调用中断处理函数(例如,SYNC的处理函数EL3_SYNC_HANDLER),中断处理函数通过汇编指令保存当前访问空间的上下文;保存后跳转到C处理函数(例如,EL3_L64SYNC的C处理函数),C处理函数读取ESR_EL3寄存器中ISS字段的值,若该值为0,则识别到此时要进入安全空间,因此进行访问空间的切换设置,设置完成后退出到中断处理函数。EL3 recognizes that this is an SMC instruction, and it was previously running in the non-secure space EL1, so it calls the interrupt handling function (for example, the SYNC handling function EL3_SYNC_HANDLER), and the interrupt handling function saves the context of the current access space through assembly instructions; after saving, it jumps to the C handling function (for example, the C handling function of EL3_L64SYNC), and the C handling function reads the value of the ISS field in the ESR_EL3 register. If the value is 0, it recognizes that it is going to enter the secure space at this time, so it performs the access space switching setting, and exits to the interrupt handling function after the setting is completed.

由于安全空间的运行程序和非安全空间的运行程序使用一套代码,因此直接恢复之前保存的上下文,确定待切换的访问空间的运行程序;然后触发ERET指令,进入到待切换的访问空间。Since the running program in the secure space and the running program in the non-secure space use a set of codes, the previously saved context is directly restored to determine the running program in the access space to be switched; then the ERET instruction is triggered to enter the access space to be switched.

在本公开中上下文包括当前访问空间的相关寄存器值,基于当前访问空间的相关寄存器值获取当前访问空间的当前运行程序地址,基于当前运行程序地址获得待切换的访问空间的运行程序。In the present disclosure, the context includes the relevant register value of the current access space, the current running program address of the current access space is obtained based on the relevant register value of the current access space, and the running program of the access space to be switched is obtained based on the current running program address.

应理解,由于安全空间的运行程序和非安全空间的运行程序使用一套代码,即安全空间的运行程序和非安全空间的运行程序为该套代码中不同位置。当前运行程序地址可以理解为非安全空间到安全空间切换时,非安全空间的运行程序当前地址;基于当前运行程序地址可以获得安全空间的运行程序地址,基于安全空间的运行程序地址即可获得安全空间的运行程序。其中,在非安全空间到安全空间切换时,硬件会自动把PC(指令)保存到ELR_EL1寄存器中,ERET后,硬件会从ELR_EL1中恢复PC值;由于在汇编指令中,由PC指针指示执行哪一条指令,所以基于非安全空间的PC值可以知道,切换到安全空间后,安全空间的运行程序地址,即知道下一步执行哪条汇编指令。It should be understood that since the running program of the secure space and the running program of the non-secure space use a set of codes, the running program of the secure space and the running program of the non-secure space are at different locations in the set of codes. The current running program address can be understood as the current address of the running program of the non-secure space when switching from the non-secure space to the secure space; the running program address of the secure space can be obtained based on the current running program address, and the running program of the secure space can be obtained based on the running program address of the secure space. Among them, when switching from the non-secure space to the secure space, the hardware will automatically save the PC (instruction) to the ELR_EL1 register, and after ERET, the hardware will restore the PC value from ELR_EL1; because in the assembly instruction, the PC pointer indicates which instruction to execute, so based on the PC value of the non-secure space, it can be known that after switching to the secure space, the running program address of the secure space, that is, it knows which assembly instruction to execute next.

当然该实施例只是本公开的一种示例,基于当前运行程序地址获得待切换的访问空间的运行程序的方式并不局限于此,还可以根据实际情况进行设置。若对于安全访问场景的验证需求,只聚焦于外设的行为是否符合预期;如只关注是否进行了非安全访问和安全访问的切换操作,而不关注具体访问功能;在生成代码时,就不用专门指定哪些代码为安全空间的运行程序,哪些代码为非安全空间的运行程序;以及在进行访问空间切换操作时,待切换的访问空间的运行程序获取方式,只需对当前运行程序地址进行加1操作即可,只要保证访问空间的切换设置前后,运行是不同的代码;即只需保证进行访问空间的切换即可。Of course, this embodiment is only an example of the present disclosure. The method of obtaining the running program of the access space to be switched based on the address of the current running program is not limited to this, and can also be set according to actual conditions. If the verification requirements for the secure access scenario only focus on whether the behavior of the peripheral meets expectations; such as only focusing on whether the switching operation between non-secure access and secure access is performed, without paying attention to the specific access function; when generating code, there is no need to specifically specify which codes are running programs in the secure space and which codes are running programs in the non-secure space; and when performing the access space switching operation, the method of obtaining the running program of the access space to be switched only needs to add 1 to the current running program address, as long as it is ensured that different codes are running before and after the access space switching setting; that is, it is only necessary to ensure that the access space is switched.

在本公开中,进行访问空间的切换设置包括:根据待切换的访问空间的类型,对SCR_EL3寄存器的NS位进行设置;SCR_EL3寄存器的NS位设置为0则表征进行安全空间的访问行为,SCR_EL3寄存器的NS位设置为1则表征进行非安全空间的访问行为。In the present disclosure, the switching setting of the access space includes: setting the NS bit of the SCR_EL3 register according to the type of access space to be switched; if the NS bit of the SCR_EL3 register is set to 0, it represents the access behavior of the secure space, and if the NS bit of the SCR_EL3 register is set to 1, it represents the access behavior of the non-secure space.

应理解,EL3的C处理函数根据ESR_EL3寄存器中ISS字段的值确定待切换的访问空间的类型,识别到此时要进入安全空间,则会设置SCR_EL3寄存器中的NS BIT为0,设置完成后退出到中断处理函数。It should be understood that the C processing function of EL3 determines the type of access space to be switched according to the value of the ISS field in the ESR_EL3 register. When it recognizes that it is time to enter the secure space, it sets the NS BIT in the SCR_EL3 register to 0. After the setting is completed, it exits to the interrupt processing function.

在进行访问空间的切换设置过程中,除了对SCR_EL3寄存器中的NS BIT进行设置,还需对MMU (memory management unit,配置内存管理单元)页表进行配置。由于现有技术中对安全空间和非安全空间分别设置对应的堆栈,安全空间的运行程序和非安全空间的运行程序为两套代码,故安全空间和非安全空间也分别配置MMU页表,即MMU页表配置为两个。In the process of switching the access space, in addition to setting the NS BIT in the SCR_EL3 register, the MMU (memory management unit) page table needs to be configured. Since the prior art sets corresponding stacks for the secure space and the non-secure space respectively, and the running programs of the secure space and the non-secure space are two sets of codes, the secure space and the non-secure space are also configured with MMU page tables respectively, that is, the MMU page tables are configured as two.

而本公开为了使安全空间与非安全空间之间的切换方法更加精简,为安全空间和非安全空间配置相同的MMU页表,即只配置一个MMU页表。并将MMU页表中的NS位设置为0,MMU页表中的NS位设置为0表征对安全空间发起的访问有效。In order to simplify the switching method between the secure space and the non-secure space, the present disclosure configures the same MMU page table for the secure space and the non-secure space, that is, only one MMU page table is configured. The NS bit in the MMU page table is set to 0, which indicates that the access initiated to the secure space is valid.

在进行访问空间的切换设置过程中,为了保证访问模型符合预期,需要先对SCR_EL3寄存器中的NS BIT进行设置,再对MMU页表进行配置。将SCR_EL3寄存器中的NS BIT设置为0,则表征进行安全空间的访问行为,在SCR_EL3寄存器中的NS BIT设置为0的情况下,为了保证对安全空间发起的访问是有效的,还需将MMU页表的NS位设置为0;即SCR_EL3寄存器中的NS BIT设置为0,且MMU页表的NS位设置为0,才能顺利的从非安全空间切换到安全空间。若进行安全空间到非安全空间的切换,则只需保证SCR_EL3寄存器中的NS BIT设置为1即可,MMU页表的NS位的值在SCR_EL3寄存器中的NS BIT设置为1的情况下,是无效的。In the process of switching the access space, in order to ensure that the access model meets expectations, you need to set the NS BIT in the SCR_EL3 register first, and then configure the MMU page table. Setting the NS BIT in the SCR_EL3 register to 0 indicates access to the secure space. When the NS BIT in the SCR_EL3 register is set to 0, in order to ensure that the access initiated to the secure space is valid, the NS bit of the MMU page table must also be set to 0; that is, the NS BIT in the SCR_EL3 register is set to 0, and the NS bit of the MMU page table is set to 0, in order to smoothly switch from the non-secure space to the secure space. If switching from the secure space to the non-secure space is performed, you only need to ensure that the NS BIT in the SCR_EL3 register is set to 1. The value of the NS bit of the MMU page table is invalid when the NS BIT in the SCR_EL3 register is set to 1.

故为了使切换流程更加简化,在进行固件堆栈设置时,即进行初始设置时,将MMU页表中的NS位设置为0。在每次进行访问空间的切换设置时,只需对SCR_EL3寄存器中的NSBIT进行设置即可,由于MMU页表中的NS位固定设置为0,在每次进行访问空间切换时,就不用对MMU页表进行操作,简化了访问空间切换流程。Therefore, in order to simplify the switching process, when setting the firmware stack, that is, when performing the initial setting, the NS bit in the MMU page table is set to 0. Each time the access space is switched, it is only necessary to set the NSBIT in the SCR_EL3 register. Since the NS bit in the MMU page table is fixedly set to 0, there is no need to operate the MMU page table each time the access space is switched, which simplifies the access space switching process.

在本公开中,安全空间到非安全空间的切换流程与非安全空间到安全空间的切换流程基本相同,区别仅在于访问参数的值不同,以及进行访问空间的切换设置时,对SCR_EL3寄存器中的NS BIT设置的值也不同,其余流程均相同。In the present disclosure, the switching process from secure space to non-secure space is basically the same as the switching process from non-secure space to secure space. The only difference is that the value of the access parameter is different, and when the access space switching setting is performed, the value set for the NS BIT in the SCR_EL3 register is also different. The rest of the processes are the same.

在本公开中,在进行访问空间切换之前,还需对安全空间和非安全空间进行固件堆栈设置,将安全空间的堆栈和非安全空间的堆栈设置为同一堆栈。安全空间的运行程序和非安全空间的运行程序均保持在同一堆栈中,进而实现安全空间的运行程序和非安全空间的运行程序使用一套代码。In the present disclosure, before switching the access space, it is necessary to set the firmware stack for the secure space and the non-secure space, and set the stack of the secure space and the stack of the non-secure space to the same stack. The running program of the secure space and the running program of the non-secure space are kept in the same stack, thereby realizing that the running program of the secure space and the running program of the non-secure space use a set of codes.

在进行访问空间切换之前,本公开还需进行初始化设置,对于本公开的EL3来说,仅需实现切换功能、保存和恢复上下文的功能。支持切换功能、保存和恢复上下文的功能的基础需求是:提供SMC指令支持+SMC中断支持(即中断向量表+对应的处理函数)+ 函数/局部变量支持(即EL3的堆栈)+模式切换(即C处理函数中支持ESR_EL3寄存器的NS BIT设置)。因此,为了支持EL3的切换功能、保存和恢复上下文的功能,本公开分别对各基础需求在初始化时进行了支持。Before switching the access space, the present disclosure also needs to perform initialization settings. For the EL3 of the present disclosure, it is only necessary to implement the switching function and the functions of saving and restoring the context. The basic requirements for supporting the switching function and the functions of saving and restoring the context are: providing SMC instruction support + SMC interrupt support (i.e. interrupt vector table + corresponding processing function) + function/local variable support (i.e. EL3 stack) + mode switching (i.e. supporting the NS BIT setting of the ESR_EL3 register in the C processing function). Therefore, in order to support the switching function of EL3 and the functions of saving and restoring the context, the present disclosure supports each basic requirement during initialization.

为了支持SMC指令,将SCR_EL3寄存器中的SMD进行关闭操作,同时设置SCR_EL3寄存器中的NS为1。To support the SMC instruction, the SMD in the SCR_EL3 register is turned off and the NS in the SCR_EL3 register is set to 1.

为支持SMC中断,将EL3的中断向量表EL3_Vectors配置到EL3的中断处理函数VBAR_EL3中,对于EL3_Vectors中的中断处理函数,基于DEN0024A_v8_architecture_PG文档(为ARM V8的一个官方文档),可以看到分为4个组,每个组有4个入口,分别为处理不同类型的EL的不同输入。对于本公开来说,因为EL1运行在Aarch64执行状态,且SMC指令为同步/Synchronous指令,所以只需要实现第三组(Lower EL using AArch64)中的第一个入口(Synchronous)对应的中断处理函数;模式切换功能在中断处理函数中实现。To support SMC interrupts, the interrupt vector table EL3_Vectors of EL3 is configured to the interrupt processing function VBAR_EL3 of EL3. For the interrupt processing function in EL3_Vectors, based on the DEN0024A_v8_architecture_PG document (an official document of ARM V8), it can be seen that it is divided into 4 groups, each group has 4 entries, which are used to handle different inputs of different types of EL. For this disclosure, because EL1 runs in the Aarch64 execution state and the SMC instruction is a synchronous/Synchronous instruction, it is only necessary to implement the interrupt processing function corresponding to the first entry (Synchronous) in the third group (Lower EL using AArch64); the mode switching function is implemented in the interrupt processing function.

为支持函数/局部变量,加载了在链接文件中配置的EL3堆栈,使得函数入参/局部变量等可以有对应的堆栈进行出/入栈,对于此操作,只需要通过LDR指令将EL3堆栈在堆栈设置中配置的地址加载到sp中即可。To support functions/local variables, the EL3 stack configured in the link file is loaded so that function input parameters/local variables can have corresponding stacks for entry/exit. For this operation, you only need to load the address of the EL3 stack configured in the stack settings into sp through the LDR instruction.

EL3的堆栈可以设置为:EL3_STACK +0 ALIGN 16 EMPTY 0x800,其中,EL3_STACK是堆栈的名字,+0代表紧跟着前面的栈,ALIGN 16代表16字节对齐,EMPTY代表默认填0,0x800是堆栈大小。EL3的堆栈增加方式可以为指示EL3_STACK紧跟上一个堆栈(如EL1_STACK),16字节对齐且大小为0x800,内容为全0。The stack of EL3 can be set as: EL3_STACK +0 ALIGN 16 EMPTY 0x800, where EL3_STACK is the name of the stack, +0 means it follows the previous stack, ALIGN 16 means 16-byte alignment, EMPTY means default zero filling, and 0x800 is the stack size. The stack of EL3 can be increased by indicating that EL3_STACK follows the previous stack (such as EL1_STACK), 16-byte alignment and size 0x800, and all zeros.

基于相同的发明构思,本公开实施例还提供一种访问空间切换装置,该访问空间切换装置可以包括如图3所示的访问空间确定模块201、访问空间切换设置模块202和访问空间切换模块203。Based on the same inventive concept, an embodiment of the present disclosure further provides an access space switching device, which may include an access space determining module 201, an access space switching setting module 202 and an access space switching module 203 as shown in FIG. 3 .

访问空间确定模块201,用于基于接收的访问参数确定待切换的访问空间,并从当前访问空间跳转至EL3;访问空间包括安全空间和非安全空间,当前访问空间与待切换的访问空间为不同的访问空间。The access space determination module 201 is used to determine the access space to be switched based on the received access parameters, and jump from the current access space to EL3; the access space includes a secure space and a non-secure space, and the current access space and the access space to be switched are different access spaces.

应理解,访问空间确定模块201用于执行上述步骤101的内容。It should be understood that the access space determination module 201 is used to execute the content of the above step 101.

访问空间切换设置模块202,用于在EL3中,保存当前访问空间的上下文,并进行访问空间的切换设置,设置完成后恢复当前访问空间的上下文,基于恢复的当前访问空间的上下文,确定待切换的访问空间的运行程序;安全空间的运行程序和非安全空间的运行程序使用一套代码。The access space switching setting module 202 is used to save the context of the current access space in EL3 and perform access space switching settings. After the settings are completed, the context of the current access space is restored, and based on the restored context of the current access space, the running program of the access space to be switched is determined; the running program of the secure space and the running program of the non-secure space use a set of codes.

在本公开中,访问空间切换设置模块202,还用于基于当前访问空间的相关寄存器值获取当前访问空间的当前运行程序地址;基于当前运行程序地址获得待切换的访问空间的运行程序。In the present disclosure, the access space switching setting module 202 is also used to obtain the current running program address of the current access space based on the relevant register value of the current access space; and obtain the running program of the access space to be switched based on the current running program address.

访问空间切换设置模块202,还用于根据待切换的访问空间的类型,对SCR_EL3寄存器的NS位进行设置;SCR_EL3寄存器的NS位设置为0则表征进行安全空间的访问行为,SCR_EL3寄存器的NS位设置为1则表征进行非安全空间的访问行为。The access space switching setting module 202 is also used to set the NS bit of the SCR_EL3 register according to the type of access space to be switched; if the NS bit of the SCR_EL3 register is set to 0, it indicates the access behavior of the secure space, and if the NS bit of the SCR_EL3 register is set to 1, it indicates the access behavior of the non-secure space.

应理解,访问空间切换设置模块202用于执行上述步骤102的内容。It should be understood that the access space switching setting module 202 is used to execute the content of the above step 102.

访问空间切换模块203,用于基于待切换的访问空间的运行程序和所述切换设置,进入到待切换的访问空间。The access space switching module 203 is used to enter the access space to be switched based on the running program of the access space to be switched and the switching setting.

应理解,访问空间切换模块203用于执行上述步骤103的内容。It should be understood that the access space switching module 203 is used to execute the content of the above step 103.

进一步的,本公开提供的访问空间切换装置200还包括:初始化设置模块204,用于在进行访问空间切换之前,对安全空间和非安全空间进行固件堆栈设置。Furthermore, the access space switching device 200 provided by the present disclosure also includes: an initialization setting module 204, which is used to perform firmware stack settings for the secure space and the non-secure space before performing the access space switching.

初始化设置模块204,还用于将安全空间的堆栈和非安全空间的堆栈设置为同一堆栈。The initialization setting module 204 is further used to set the stack of the secure space and the stack of the non-secure space to be the same stack.

初始化设置模块204,还用于为安全空间和非安全空间配置相同的MMU页表。The initialization setting module 204 is also used to configure the same MMU page table for the secure space and the non-secure space.

初始化设置模块204,还用于将MMU页表中的NS位设置为0。The initialization setting module 204 is also used to set the NS bit in the MMU page table to 0.

基于相同的发明构思,本公开实施例还提供一种处理器,将处理器划分为安全空间、非安全空间和EL3,处理器基于上述任一实施例所述的访问空间切换方法,进行安全空间和非安全空间之间的切换。Based on the same inventive concept, an embodiment of the present disclosure also provides a processor, which divides the processor into a secure space, a non-secure space and EL3. The processor switches between the secure space and the non-secure space based on the access space switching method described in any of the above embodiments.

该处理器可以为ARMv8 aarch64架构的CPU、GPU和片上系统的MCU等。The processor may be a CPU, a GPU, an MCU of a system-on-chip, etc. of an ARMv8 aarch64 architecture.

基于相同的发明构思,本公开实施例还提供一种电子装置,该电子装置包括上述任一实施例中所述的处理器。在一些使用场景下,该电子装置的产品形式体现为显卡;在另一些使用场景下,该电子装置的产品形式体现为CPU主板。Based on the same inventive concept, the embodiment of the present disclosure also provides an electronic device, which includes the processor described in any of the above embodiments. In some usage scenarios, the product form of the electronic device is embodied as a graphics card; in other usage scenarios, the product form of the electronic device is embodied as a CPU motherboard.

基于相同的发明构思,本公开实施例还提供一种电子设备,该电子设备包括上述的电子装置。在一些使用场景下,该电子设备的产品形式是便携式电子设备,例如智能手机、平板电脑、VR设备等;在一些使用场景下,该电子设备的产品形式是个人电脑、游戏主机等。Based on the same inventive concept, the disclosed embodiment also provides an electronic device, which includes the above-mentioned electronic device. In some usage scenarios, the product form of the electronic device is a portable electronic device, such as a smart phone, a tablet computer, a VR device, etc.; in some usage scenarios, the product form of the electronic device is a personal computer, a game console, etc.

基于相同的发明构思,本公开实施例还提供一种存储介质,其上存储有计算机程序,所述计算机程序被处理器执行时实现上述任一实施例所述的访问空间切换方法的步骤。Based on the same inventive concept, an embodiment of the present disclosure further provides a storage medium on which a computer program is stored. When the computer program is executed by a processor, the steps of the access space switching method described in any of the above embodiments are implemented.

尽管已描述了本公开的优选实施例,但本领域内的技术人员一旦得知了基本创造性概念,则可对这些实施例作出另外的变更和修改。所以,所附权利要求意欲解释为包括优选实施例以及落入本公开范围的所有变更和修改。Although the preferred embodiments of the present disclosure have been described, those skilled in the art may make additional changes and modifications to these embodiments once they have learned the basic creative concept. Therefore, the appended claims are intended to be interpreted as including the preferred embodiments and all changes and modifications falling within the scope of the present disclosure.

显然,本领域的技术人员可以对本公开进行各种改动和变型而不脱离本公开的精神和范围。这样,倘若本公开的这些修改和变型属于本公开权利要求及其等同技术的范围之内,则本公开也意图包含这些改动和变型在内。Obviously, those skilled in the art can make various changes and modifications to the present disclosure without departing from the spirit and scope of the present disclosure. Thus, if these modifications and variations of the present disclosure fall within the scope of the claims of the present disclosure and their equivalents, the present disclosure is also intended to include these modifications and variations.

Claims (15)

1.一种访问空间切换方法,包括:1. A method for switching an access space, comprising: 基于接收的访问参数确定待切换的访问空间,并从当前访问空间跳转至EL3;所述访问空间包括安全空间和非安全空间,所述当前访问空间与所述待切换的访问空间为不同的访问空间;Determine the access space to be switched based on the received access parameters, and jump from the current access space to EL3; the access space includes a secure space and a non-secure space, and the current access space and the access space to be switched are different access spaces; 在所述EL3中,保存当前访问空间的上下文,并进行访问空间的切换设置,设置完成后恢复所述当前访问空间的上下文,基于恢复的所述当前访问空间的上下文,确定所述待切换的访问空间的运行程序;所述安全空间的运行程序和非安全空间的运行程序使用一套代码;In the EL3, the context of the current access space is saved, and the access space switching setting is performed. After the setting is completed, the context of the current access space is restored, and based on the restored context of the current access space, the running program of the access space to be switched is determined; the running program of the secure space and the running program of the non-secure space use a set of codes; 基于所述待切换的访问空间的运行程序和所述切换设置,进入到所述待切换的访问空间。Based on the running program of the access space to be switched and the switching setting, enter the access space to be switched. 2.根据权利要求1所述的访问空间切换方法,所述方法还包括:2. The access space switching method according to claim 1, further comprising: 在进行访问空间切换之前,对所述安全空间和非安全空间进行固件堆栈设置。Before switching the access space, a firmware stack is set for the secure space and the non-secure space. 3.根据权利要求2所述的访问空间切换方法,所述对所述安全空间和非安全空间进行固件堆栈设置,包括:3. The access space switching method according to claim 2, wherein the step of performing firmware stack settings on the secure space and the non-secure space comprises: 将所述安全空间的堆栈和非安全空间的堆栈设置为同一堆栈。The stack of the secure space and the stack of the non-secure space are set to be the same stack. 4.根据权利要求3所述的访问空间切换方法,所述对所述安全空间和非安全空间进行固件堆栈设置,还包括:4. The access space switching method according to claim 3, wherein the firmware stack setting for the secure space and the non-secure space further comprises: 为所述安全空间和非安全空间配置相同的MMU页表。The same MMU page table is configured for the secure space and the non-secure space. 5.根据权利要求4所述的访问空间切换方法,所述为所述安全空间和非安全空间配置相同的MMU页表,包括:5. The access space switching method according to claim 4, wherein configuring the same MMU page table for the secure space and the non-secure space comprises: 将所述MMU页表中的NS位设置为0。Set the NS bit in the MMU page table to 0. 6.根据权利要求1所述的访问空间切换方法,所述进行访问空间的切换设置包括:6. The access space switching method according to claim 1, wherein the step of performing access space switching settings comprises: 根据待切换的访问空间的类型,对SCR_EL3寄存器的NS位进行设置;所述SCR_EL3寄存器的NS位设置为0则表征进行安全空间的访问行为,所述SCR_EL3寄存器的NS位设置为1则表征进行非安全空间的访问行为。According to the type of access space to be switched, the NS bit of the SCR_EL3 register is set; if the NS bit of the SCR_EL3 register is set to 0, it indicates the access behavior of the secure space, and if the NS bit of the SCR_EL3 register is set to 1, it indicates the access behavior of the non-secure space. 7.一种访问空间切换装置,包括:7. An access space switching device, comprising: 访问空间确定模块,用于基于接收的访问参数确定待切换的访问空间,并从当前访问空间跳转至EL3;所述访问空间包括安全空间和非安全空间,所述当前访问空间与所述待切换的访问空间为不同的访问空间;An access space determination module, configured to determine an access space to be switched based on received access parameters, and jump from a current access space to EL3; the access space includes a secure space and a non-secure space, and the current access space and the access space to be switched are different access spaces; 访问空间切换设置模块,用于在所述EL3中,保存当前访问空间的上下文,并进行访问空间的切换设置,设置完成后恢复所述当前访问空间的上下文,基于恢复的所述当前访问空间的上下文,确定所述待切换的访问空间的运行程序;所述安全空间的运行程序和非安全空间的运行程序使用一套代码;An access space switching setting module is used to save the context of the current access space in the EL3, and perform access space switching settings, restore the context of the current access space after the settings are completed, and determine the running program of the access space to be switched based on the restored context of the current access space; the running program of the secure space and the running program of the non-secure space use a set of codes; 访问空间切换模块,用于基于所述待切换的访问空间的运行程序和所述切换设置,进入到所述待切换的访问空间。The access space switching module is used to enter the access space to be switched based on the running program of the access space to be switched and the switching setting. 8.根据权利要求7所述的访问空间切换装置,所述装置还包括:8. The access space switching device according to claim 7, further comprising: 初始化设置模块,用于在进行访问空间切换之前,对所述安全空间和非安全空间进行固件堆栈设置。The initialization setting module is used to perform firmware stack settings on the secure space and the non-secure space before switching the access space. 9.根据权利要求8所述的访问空间切换装置,所述初始化设置模块,还用于将所述安全空间的堆栈和非安全空间的堆栈设置为同一堆栈。9. The access space switching device according to claim 8, wherein the initialization setting module is further used to set the stack of the secure space and the stack of the non-secure space to be the same stack. 10.根据权利要求9所述的访问空间切换装置,所述初始化设置模块,还用于为所述安全空间和非安全空间配置相同的MMU页表。10. According to the access space switching device according to claim 9, the initialization setting module is also used to configure the same MMU page table for the secure space and the non-secure space. 11.根据权利要求10所述的访问空间切换装置,所述初始化设置模块,还用于将所述MMU页表中的NS位设置为0。11. The access space switching device according to claim 10, wherein the initialization setting module is further used to set the NS bit in the MMU page table to 0. 12.根据权利要求7所述的访问空间切换装置,所述访问空间切换设置模块,还用于根据待切换的访问空间的类型,对SCR_EL3寄存器的NS位进行设置;所述SCR_EL3寄存器的NS位设置为0则表征进行安全空间的访问行为,所述SCR_EL3寄存器的NS位设置为1则表征进行非安全空间的访问行为。12. According to the access space switching device of claim 7, the access space switching setting module is also used to set the NS bit of the SCR_EL3 register according to the type of access space to be switched; if the NS bit of the SCR_EL3 register is set to 0, it represents the access behavior of the secure space, and if the NS bit of the SCR_EL3 register is set to 1, it represents the access behavior of the non-secure space. 13.一种处理器,将所述处理器划分为安全空间、非安全空间和EL3,所述处理器基于权利要求1-6任一项所述的访问空间切换方法,进行安全空间和非安全空间之间的切换。13. A processor, the processor being divided into a secure space, a non-secure space and EL3, the processor switching between the secure space and the non-secure space based on the access space switching method described in any one of claims 1-6. 14.一种电子设备,包括权利要求13所述的处理器。14. An electronic device comprising the processor according to claim 13. 15.一种存储介质,其上存储有计算机程序,所述计算机程序被处理器执行时实现如权利要求1至6任意一项所述方法的步骤。15. A storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the steps of the method according to any one of claims 1 to 6.
CN202410190644.5A 2024-02-21 2024-02-21 Access space switching method, device, processor, equipment and storage medium Active CN117744067B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410190644.5A CN117744067B (en) 2024-02-21 2024-02-21 Access space switching method, device, processor, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410190644.5A CN117744067B (en) 2024-02-21 2024-02-21 Access space switching method, device, processor, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN117744067A CN117744067A (en) 2024-03-22
CN117744067B true CN117744067B (en) 2024-06-21

Family

ID=90251249

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410190644.5A Active CN117744067B (en) 2024-02-21 2024-02-21 Access space switching method, device, processor, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117744067B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105391673A (en) * 2014-09-04 2016-03-09 华为技术有限公司 Safe access method and device
CN108090376A (en) * 2016-11-23 2018-05-29 厦门雅迅网络股份有限公司 CAN bus data prevention method and system based on TrustZone

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108959916B (en) * 2017-05-22 2022-01-14 华为技术有限公司 Method, device and system for accessing secure world
KR102416501B1 (en) * 2017-09-20 2022-07-05 삼성전자주식회사 Electronic device and control method thereof
CN112329019A (en) * 2020-11-02 2021-02-05 歌尔科技有限公司 TrustZone-based programming method, terminal equipment and storage medium
CN112818327B (en) * 2021-02-26 2024-10-01 中国人民解放军国防科技大学 TrustZone-based user-level code and data security and credibility protection method and device

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105391673A (en) * 2014-09-04 2016-03-09 华为技术有限公司 Safe access method and device
CN108090376A (en) * 2016-11-23 2018-05-29 厦门雅迅网络股份有限公司 CAN bus data prevention method and system based on TrustZone

Also Published As

Publication number Publication date
CN117744067A (en) 2024-03-22

Similar Documents

Publication Publication Date Title
US9207968B2 (en) Computing system using single operating system to provide normal security services and high security services, and methods thereof
US7209994B1 (en) Processor that maintains virtual interrupt state and injects virtual interrupts into virtual machine guests
US5717903A (en) Method and appartus for emulating a peripheral device to allow device driver development before availability of the peripheral device
US6629157B1 (en) System and method for virtualizing the configuration space of PCI devices in a processing system
US9940291B2 (en) Assigning processors to memory mapped configuration
KR100950102B1 (en) A computer system including a secure execution mode-capable processor and a method of initializing the computer system
US7930443B1 (en) Router having routing engine software instance and interface controller software instance on a single processor
US20110219373A1 (en) Virtual machine management apparatus and virtualization method for virtualization-supporting terminal platform
CN101261577A (en) Microprocessor and method of storing data in the microprocessor
EP4336359A1 (en) Method for processing page faults and corresponding apparatus
EP4220394A1 (en) Chip system, method for processing virtual interrupt, and corresponding device
US10983847B2 (en) Dynamically loadable unikernel binaries
WO2022066301A1 (en) Phased boot process to dynamically initialize devices in a verified environment
WO2020177567A1 (en) Method, apparatus, and system for migrating data
US6986028B2 (en) Repeat block with zero cycle overhead nesting
CN115292000B (en) Method, device and electronic device for dynamic migration of virtual machines
US7581037B2 (en) Effecting a processor operating mode change to execute device code
CN117744067B (en) Access space switching method, device, processor, equipment and storage medium
US20050091022A1 (en) Ultra fast multi-processor system simulation using dedicated virtual machines
US20040193394A1 (en) Method for CPU simulation using virtual machine extensions
CN115098244B (en) Kernel stack allocation method, electronic device, chip and storage medium
JP2010003151A (en) Data processing apparatus
EP4187387A1 (en) Inter-process communication method and apparatus, and computer storage medium
Joshi et al. Twin-Linux: Running independent Linux Kernels simultaneously on separate cores of a multicore system
CN117667465B (en) Code sharing method, device, switch, multi-host system, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: Access space switching method, device, processor, equipment, and storage medium

Granted publication date: 20240621

Pledgee: Ji Aiqin

Pledgor: Xiangdixian Computing Technology (Chongqing) Co.,Ltd.|Beijing xiangdixian Computing Technology Co.,Ltd.

Registration number: Y2024980043989

PE01 Entry into force of the registration of the contract for pledge of patent right